Initialize the Vault

When vault first starts up it is in a sealed state. As part of the
initialization process, the operators need to generate unseal keys so they can
unseal the vault.

We would love to go into more detail but we doubt we could get any clearer than
what was written up by Hashicorp themselves. So come back to this post after
y’all have read their doc on initializing vault.

So this is what we suggest doing when genereating the unseal keys for Vault.

Although, we can very easily add another key/value secret engine, we are going
to use secret/ for our team sharing purposes. By default secret/
is KV secret engine v1 which doesn’t provide versioning or ability to roll
back secrets.

Create user accounts for team members

Enable userpass authentication

Vault supports multiple ways allowing users to authenticate against it.
For our purposes, we will be using the userpass auth method, which is simply
a username/password combination.

# View the current authentication methods. Initially, there should only be `/token`
vault kv get sys/auth
# Enable userpass auth
vault auth enable userpass
# This should show `/userpass` in the list now.
vault kv get sys/auth